By Chad Knaus, IT Systems Engineer

There’s an old adage that says there are only two things in life that are certain: death and taxes.  In today’s digital age, I think we need to add a third – that your organization will one day be hacked by cybercriminals. IT security is something most organizations know is important, but don’t really want to think about – until something goes wrong.  When you’re going along fine and nothing bad has happened, it’s easy to convince yourself that your organization is too small, too big, too under-the-radar to be attacked.  It’s the comforting lie we tell ourselves that makes it seem ok to put off that security discussion another day, week, month – year.  Then, one day, your organization’s computing power is stolen by cryptojackers or – even worse – all your customer data is taken hostage in a ransomware attack – and it’s in that moment that you truly realize just how important security really is to your business.

The truth is, security should be at the top of every company’s priority list and budget because the cost to recover from an attack can far outweigh what you would have spent securing your systems correctly from the start. Unfortunately, because there’s no single product or solution you can buy to guarantee you are attack-proof, security is often relegated to the back burner, giving cybercriminals the green light to move right in.

Some people contact us for help at that point, in the midst of a breach. Others, knowing they needed protection, have already installed antivirus and other security software solutions on their systems but call us when they’re having trouble managing them. Having worked with nearly every top-name security product on the market over the last 20 years, I can affirm that many well-known solutions, despite boasting a large user base, cause such a significant degradation in network performance that their users are compelled to look for replacement options.

One such option that offers protection without network degradation is a software solution from Sophos, an organization we recently partnered with that takes an interesting, useful and feature-rich approach to endpoint security. Sophos provides stringent protection against even advanced cybercrime, including ransomware, for customers of nearly every size – SMB to enterprise. And, importantly, Sophos can be deployed not just on Windows, but also on Macs and Linux, which means, if you have a mixed environment, you can protect all of your systems with Sophos – not just your Windows desktops.

Through a recent acquisition, Sophos added protection that uniquely detects and prevents even unknown malware and sophisticated attacks using a patented deep-learning neural-network algorithm coupled with behavioral monitoring to both identify and stop attacks before damage occurs. And perhaps the best part is that it’s not a resource hog; the algorithm can quietly work in the background without degrading the performance of your network or reducing your users’ productivity, a complaint we have heard from many of our customers about competing solutions they installed before contacting us for a recommendation.

Another nice addition from Sophos is that, for every business license you purchase, you get a single-user, unmanaged license that your employees, for example, can install on their home computers as well, giving you – and them – additional protection.

Choosing the Right Security Solution

So how do you choose the solution that’s right for your organization? That’s a business-critical question without a quick-and-easy answer, but a good place to start is with a few more questions.

  1. How important is it to your business and your customers to keep your data secure? Many organizations operate under the assumption that, as long as their business is protected, they’ve succeeded on the security home front. But that’s not necessarily so. Think about Equifax. Their own data may have been fine, but very personal information – including Social Security numbers, birth dates and home addresses – belonging to 143 million of their American customers was exposed in one of the most memorable cybersecurity breaches in recent history.[1] The damage to Equifax’s customers was clearly enormous – but think about the damage to the brand’s reputation.
  2. How secure is your network from the outside? From a network perspective, what kinds of firewalls do you have in place? How easy is it for people to break into your network; for example, when employees work remotely, do they use a virtual private network (VPN) or do they have direct access to your IT systems?
  3. How secure is your network from the inside? According to security experts, 98 percent of modern cyberattacks begin with deceptive tactics that trick email users into accidentally giving the cybercriminals access to what would otherwise be well-protected data. Have your users been trained so they know how to spot a suspicious email? Even the most dedicated employee can accidentally expose your organization to a significant breach if they fall for a sophisticated phishing scheme.
  4. When examining a potential solution, what threats does it protect against? There are a lot of solutions on the market today that can help protect you from viruses and malware – but what about newer threats like ransomware and cryptojacking? Few endpoint security companies have been able to develop protections as fast as threats are discovered.
  5. How dependable is the solution you’re considering? One of the first things we look at before choosing a security vendor is the reputation of the organization among existing customers. How successfully has the company thwarted attacks? How easy are its solutions to deploy and manage? How frequently does the company introduce features to keep up with new threats? And how much of your IT resources will be required to enact this level of protection?

It’s important to remember that, even if you follow these guidelines, you’re still not completely protected.  No solution is foolproof because cybercriminals are smart and constantly evolving their craft.  But, if you combine an intelligent, small-footprint solution like Sophos with our Security Awareness Training Service that trains users with simulated phishing attacks, you’re definitely headed in the right direction.

With that said, if there is just one message you take away from this article, I hope it’s this: Don’t wait until an attack occurs before you make security a priority. Every organization is vulnerable to attack, and while there’s no absolute way to ensure your data is safe, there are best practices and top-notch solutions that can harden your systems and give you peace of mind.

Want to learn more? Start by exploring SRC’s IT security services, then think about your organization’s own vulnerabilities, including those associated with the Internet of Things (IoT).  Next, find out the role data protection and recovery play in your security strategy as well as how to turn your employees into human firewalls. Finally, read about some of the top-name brands in the security solutions business including Kaspersky Lab, Sophos, Synack, LogRhythm, EventTracker and KnowBe4.

[1] The Washington Post (9-7-17): Data of 143 million Americans exposed in hack of credit reporting agency Equifax

[2] Press Release (January 23, 2018): KnowBe4 Unveils New Phishing Benchmark Data and Showcases Most At-Risk Industries